Healthcare IT News - March 2009 - (Page 32) 32 Healthcare IT News March 2009 ■ vENdoRS www.HealthcareITNews.com based Touchstone Behavioral Health, agrees. He is using Symantec’s End-Point Protection software to ensure the security of laptops sent out into the field – be it a client’s house, a school, a park or a fast-food restaurant. The key to any security software, he said, is separating the legitimate users and uses from those looking to steal data or wreak havoc. “Because we’re dealing with children, and with the dark side of human behavior, there are times when our therapists are dealing with Web sites that we would normally block,” he said. Symantec “is a lot less intrusive, but allows us to be aggressive in monitoring and dealing with malware.” “I have 3,000 doctors who actually need legitimate access,” added Halamka. “You don’t want to tie them up during a medical emergency.” State and federal agencies are coming down harder on healthcare providers who fail to properly protect their data. In California, for instance, two new laws took effect this January that require providers to maintain the confidentiality of patient medical information. The penalty for a security breach can range from $25,000 to $250,000 per reported event. More importantly, patients can recover damages without proving actual loss or harm – a provision that’s expected to lead to an increase in lawsuits. In New Orleans, the Ochsner Health System called upon Carlsbad, Calif.-based Breach Security to identify Web application defects and secure its Web sites from attack. Breach Security’s WebDefend software is now in use at the system’s seven hospitals and its more than 35 health centers, which employ more than 11,000 people. “The challenge is that hospitals and healthcare providers aren’t IT experts,” said Sanjay Mehta, Breach Security’s senior vice president, whose company focuses on application security. “The keys to the kingdom lie in the application,” he said, estimating that 70 percent to 80 percent of all successful attacks are application-layer intrusions. “The idea is to capture all of the information at hand, identify the data and classify it.” Halamka, Porter and Mehta all point out that today’s threats to hospital security are more elaborate, with hackers gaining access to newer, better tools just as quickly as hospital security experts devise new safeguards. Mehta laments that hospitals and healthcare providers are loath to admit security breaches, often preventing others from learning from their mistakes. On the flip side, he said, “hackers love to brag.” Axis Technology is approaching the problem from a different angle. The Bostonbased provider of enterprise data solutions recently launched DMsuite, a data masking platform that allows hospitals to profile, provision and mask sensitive healthcare information, replacing it where needed with usable, fictitious data. Halamka, who estimated he spends more than $1 million a year protecting patient records, would like to see funding in the new federal stimulus package spent on security for clinicians. He envisions a trusted statelevel “healthcare SWAT team,” or perhaps a public-private cooperative. And while many people cringe when news reports surface of a data security breach at a hospital, he finds cause for optimism. “At least that proves the security systems do work,” he said. “Eventually.” ■ More at HealthcareITNews.com e Connect: Security 0309 emageon-HSS merger called off By ErIC WICkluNd, Managing Editor BIRMINGHAM, AL - The sECurITy Continued from page 1 proposed merger of Emageon and Health Systems Solutions has been terminated. New York-based HSS announced on Feb. 11 that its financing firm, Stanford International Bank, Ltd., would not have the money to complete the deal. The next day, Emageon announced the deal was off and that it had taken possession of $9 million put into an escrow account. HSS had agreed last Oct. 14 to pay $62 million, or $2.85 a share, for the Birmingham, Ala.-based healthcare IT provider. Emageon shareholders agreed to the merger on Dec. 18. Later that month, company officials accused HSS of “stalling” after it appeared that HSS didn’t have the money to complete the deal. The two sides then set a closing date of Feb. 11. ■ More at HealthcareITNews.com e Connect: MerGer 0309 ● Beth Israel Deaconess and its three partner hospitals – Beth Israel Deaconess Hospital in Needham, Mass., New England Baptist Hospital in Boston and Mount Auburn Hospital in Cambridge – turned to Third Brigade to set up a security network at the server level. “We’re blocking it at a much higher level” than at the application level, he said. “Things have gotten so sophisticated that we need this level of protection.” Steven Porter, director of IT at Arizona- Top 10 Reasons 1. EXPERTISE. Apply your knowledge with authority and confidence 2. CREDIBILITY. Gain professional clout industry-wide 3. OPPORTUNITY. Fast forward your career in new directions 4. EXCELLENCE. Uphold the highest industry standards and regulations 5. RECOGNITION. Be part of an elite, highly respected group Why YOU Should be CPHIMS Certified 6. DISTINCTION. Set yourself apart in the industry 7. ACHIEVEMENT. Demonstrate your mastery of proven, broad-based HIT concepts 8. EVIDENCE. Validate your knowledge and experience 9. RESOURCES. Leverage the right skills and tools to make a difference 10. COMMITMENT. Prove your dedication to your career and the industry HIMSS is proud to offer the Certified Professional in Healthcare Information and Management Systems (CPHIMS) certification— healthcare IT’s gold standard credential. YOU should be CPHIMS certified… Get all the details today at www.himss.org/getcertified! ● http://www.HealthcareITNews.com http://www.HealthcareITNews.com http://www.healthcareitnews.com/news/emageon-hss-merger-called http://www.orionhealth.com http://www.orionhealth.com http://www.himss.org/getcertified http://www.himss.org/getcertified http://www.HealthcareITNews.com http://www.healthcareitnews.com/news/hospital-security-risks-worry-execs
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.